cybersecurity @ itu including europe region actions · 2018. 4. 7. · software defined networking...
TRANSCRIPT
Cybersecurity @ ITU including Europe region actions
Rosheen Awotar-MaureeProgramme Officer, ITU Office for Europe
ITU Overview
2
Cybersecurity - Global PolicySustainable Development Goals – SDGs 1, 4, 5, 7, 8, 9, 11, 16, 17SDG 9: Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation.
Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure, including regional and trans-border infrastructure, to support economic development and human well-being, with a focus on affordable and equitable access for all.
WSIS Action Line C5 : Building confidence and security in the use of ICTs
Global Cybersecurity Agenda - GCA A multi-stakeholder platform to address cybersecurity challenges from 5 perspectives : Legal, Technical, Organisational, Capacity Building, Cooperation 3 Pillars of Sustainable Development
❖Economic development❖Social inclusion ❖Environmental protection
3
4
A platform for information exchange between ITU Member States and SectorMembers (industry & academia
ITU-D Study Group2 Question3
• Securing information and communication networks: Best practices for developinga culture of cybersecurity
ITU-T Study Group 17 : Security
• Develop recommendations for future standards including in Cybersecurity
ITU-R Study Groups
• Securing radiocommunications
Study Groups & Cybersecurity @ITU
5
ITU-T Study Group 17 : Security Over 170 standards (ITU-T Recommendations and Supplements) published Topics currently being addressed include▪ cybersecurity, security management, security architectures and frameworks▪ countering spam, identity management, the protection of personally identifiable information▪ applications and services security for the Internet of Things (IoT), smart grid, smartphones▪ software defined networking (SDN), web services, big data analytics, social networks▪ cloud computing, mobile financial systems, IPTV and tele-biometrics
Outcomes include▪ Recommendation ITU-T X.509: for electronic authentication over public networks – used in designing
applications relating to public key infrastructure (PKI)▪ ITU-T X.1500 CYBEX: collection of best-of-breed standards from government agencies and industry –a
standardized means to exchange the cybersecurity information demanded by CIRTS▪ ITU-T X.805: used by telecom network operators and enterprises to provide an end-to-end architecture
description from a security perspective & thus pinpoint all vulnerable points in a network and mitigate them
▪ Recommendation ITU-T X.1254, Entity authentication assurance framework – provides secure data exchange across parties and reduces fraud, identity theft
6
Security related activities in ITU-R
• Recommendations ITU-R M.1078, ITU-R M.1223, ITU-R M.1457, ITU-R M.1645, ITU-R
M.2012: Security principles for IMT (3G and 4G) networks
• Recommendation ITU-R S.1250: security issues in network management architecture for
digital satellite systems
• Recommendation ITU-R S.1711: security issues in performance enhancements of
transmission control protocol over satellite networks
• work in radiocommunication standardization continues, matching the constant evolution
in modern telecommunication networks
ITU-D Services to Member States in Cybersecurity
7
Global Cybersecurity index - GCI Objective
The Global Cybersecurity Index (GCI) measures and ranks each nation state’s level of cybersecurity commitment in five main areas:
• Legal Measures
• Technical Measures
• Organizational Measures
• Capacity Building
• National and International Cooperation
Goals
• help countries identify areas for improvement
• motivate them to take action to improve their GCI ranking
• help harmonise practices
• foster a global culture of cybersecurity
Final Global and Regional Results 2017 are on ITU Website
Join us for the GCI 2018 iteration – we are looking for partnershttp://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx
8
Pragmatic reference guide can be used by all countries, including micro-countries: developed strategies, new strategies under development, …
A nation-neutral toolkit that can be applied globally: Europe, CIS, Africa, Americas, Asia Pacific, …
Measuring improvements: provide best practice indicators to assess improvements over time
National Cybersecurity Toolkit a co-authored and co-owned multi-stakeholder initiative
Accompanying evaluation tool:easily identify key areas for improvement and how they can be addressed
Reference to other guidelines/references:link to existing models and evaluation tools
9
National CIRT Programme
▪ Assess existing capability of/need for national cybersecurity mechanisms
▪ On-site assessment through meetings, training, interview sessions and site visits
▪ Form recommendations for plan of action (institutional, organizational and technical requirements)
▪ Implement based on the identified needs and organizational structures of the country
▪ Assist with planning, implementation, and operation of the CIRT.
▪ Continued collaboration with the newly established CIRT for additional support
▪ Capacity Building and trainings on the operational and technical details
▪ Exercises organized at both regional and international levels
▪ Help enhance the communication and response capabilities of the participating CIRTs
▪ Improve overall cybersecurity readiness in the region
▪ Provide opportunities for public-private cooperation
10
ITU Office for Europe
43 Countries : Albania, Andorra, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Former Yugoslav Republic of Macedonia, Monaco, Montenegro, Netherlands, Norway, Poland, Portugal, Romania, San Marino, Serbia, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, Vatican, United Kingdom
WTDC-14: 4 Regional Initiatives for 2014 to 2017 EUR1: Spectrum management and transition to digital broadcastingEUR2: Development of broadband access and adoption of broadbandEUR3: Ensuring access to telecommunications/ICTs in particular for persons with disabilitiesEUR4: Building confidence and security in the use of telecommunications/ICTs
WTDC-17: 5 Regional Initiatives for 2018 to 2021
11
ITU Regional Initiative 4 in Europe 2014-2018
Objective: To build trust and confidence in the use of ICTs among children and young people in Europe
Expected Result: Assistance to the countries in need in the following:
1. Utilizing the existing knowledge on risk and vulnerabilities to which children are exposed in cyberspace and providing best practices
2. Providing a platform to raise awareness on child online protection (COP) and safety issues
3. Developing and implementing roadmaps for national or regional COP initiatives.
12
ITU Regional Initiative 4 in Europe
Objective: To build confidence and security in the use of telecommunications /ICTs
Some Actions 2016-2017 • ITU – Council of Europe: High Level Round Table on COP, 10 October 2016
• ITU-ENISA Regional Cybersecurity Forum for Europe, 29-30 November 2016, Bulgaria
• Benchmark of national initiatives on COP in the Central and Eastern European Countries
• Central European Cybersecurity public-private dialogue platform, Romania [co-organized - annual]
• National CIRT Implementation, Cyprus [2017-2018]
• CIRT Assessment, Bosnia & Herzegovina, November-December 2017
• International Conference "Keeping Children and Young People Safe Online”, Poland [co-organized - annual]
• ITU ALERT International Cyber Drill Exercise for the Europe & CIS Regions, Moldova , 21-23 November 2017
• Western European Cybersecurity public-private dialogue platform, Switzerland, 7-8 December 2017
• Webinar on Global Cybersecurity Index (GCI) for the Europe Region report 2017 , 18 December 2017
13
Survey : Review of National Activities April 2017
Launched at the Regional Preparatory
Forum, Vilnius, April 2017
18 countries surveyed
Practices collected from 6 countries :
Albania, Bosnia & Herzegovina,
Romania, Serbia, Slovak Republic,
Turkey
14
Areas Covered by the Survey
Perceptions of online child safety issues
Availability of advice or guidance
Availability of awareness raising and related programmes
Legal framework and law enforcement resources
National focal points
Perceptions of the level of co-operation with industry
Perceived assistance needed by each country
15
Regional Review Conclusions
• Every country in the region acknowledge its responsibility to act to ensure that the internet and its associated technologies are safe for children and young people.
• Countries increasingly are integrating awareness of online risks into a broader child protection and parenting agenda.
• National focal points are a key element in effective online protection. All countries should have a well-resourced national focal point that is connected with regional and international initiatives.
16
• In many countries, the legislative frameworks are broadly in line with international and regional legal instruments. However, it is extremely important for every country to ensure its legal measures and legislative framework stay in step with technological developments and changes in behaviour.
• Advice and guidance on safety online is being provided through several media that target or are used by children. Unified messaging will facilitate and reinforce understanding and reduce potential confusion.
Regional Review Conclusions
17
• Support provided to OCECPR - Cyprus telecom regulatory agency
• Started in March 2017
• Focus on Critical Infrastructure Incidents
• Current Status
• Equipment and Infrastructure in place
• Staffing and training done
• Soft launch
• Phase 1 of CIRT with Basic services operational : by July 2018
National CIRT Implementation for Cyprus
18
Digital Youth Forum Warsaw, May 2017
• The Digital Youth Forum held in Warsaw, Poland on 25 May 2017• 500+ youth (14–17 years old)
• More than 30 schools connected remotely
• Exposition focusing on digital skills and digital opportunities
• Operation Uncool Launched• 200+ respondents to the query
supporting open consultation for the purposes of the ITU Council Working Group on Child Online Protection
19
5th Central European Cybersecurity Public-Private Dialogue Platform, September 2017
Awareness day for Children 13 September – Pre Congress stakeholders on a voluntary basis
400+ CHILDREN ATTENDING
20
• Held in Warsaw, Poland
• 500 Participants
• Countries represented : Belgium, Bulgaria, Finland, France, Germany, Greece, Ireland, Lithuania, Luxembourg, the Netherlands, Spain, Switzerland, Turkey, United Kingdom, Ukraine.
• Highlights : Fake news, Cyberbullying, Pornography, Privacy issues
The 11th International Conference "Keeping Children and Young People Safe Online", 19-20 September 2017
21
1st Western European Cybersecurity Public-Private Dialogue PlatformDecember 2017
Awareness day for Children 07 November
• Held in Porrentruy, Switzerland
• 100+ Participants
• Countries represented :Finland, France, Italy, Romania,
Switzerland, USA
22
ITU Regional Initiative 4 in Europe 2018-2021
EUR 4 - Enhancing trust and confidence in the use of information and communication technologies
Objective: To support the deployment of resilient infrastructure and secure services allowing all citizens, especially children, to use ICTs in their daily lives with Confidence
Expected Result: Assistance to the countries in need in the following:
strategies
1. Providing regional platforms and tools for building human capacities (awareness and expert training) to enhance trust and confidence in the use of ICTs
2. Sharing country and regional best practices and case studies and conducting surveys on enhancing confidence and trust in the use of ICTs
3. Elaborating or review national cybersecurity strategies
4. Setting up or improving the capabilities of national computer security incident response teams (CSIRTs) and the corresponding networks to support these CSIRTs in cooperating with each other
5. Conducting simulation exercises such as cyber-drills at national and regional level in cooperation with international and regional organizations and assisting countries in developing tools through synergies and resource optimization. 23
2018 Cybersecurity actions in Europe Region ..
• Today’s event – propose future actions in outcome report• CIRT Assessment – Albania, May• Regional Development Forum: Cybersecurity projects for countries- Prague,
June • International Conference "Keeping Children and Young People Safe Online –
Warsaw, September
• Central European Cybersecurity Public-Private Dialogue Platform – Sibiu, September
• Regional Cyberdrill - Nicosia, October • New Global Challenges in Cybersecurity: CERT-RO annual conference –
Bucharest, November
• Western European Cybersecurity Public-Private Dialogue Platform –December
24